User with Blocked(Bruteforce) is Able to Login

travis.evers · July 22, 2024, 4:02pm

Overview

This article explains why a user is able to log in when their account is in the Blocked(Bruteforce) state.

The following settings are enabled:

Brute-force Protection enabled
Block Brute-force Logins - enabled

Applies To

Brute-force Protection
Blocked(Bruteforce)

Cause

Brute-force protection safeguards against a single IP address attacking a single user account.

Solution

Review the backend logs and check for which IP the user is blocked under User Management > Users > Search the user > Raw JSON .

 "blocked_for": [
    {
      "identifier": "abc@example.com",
      "connection": "Username-Password-Authentication",
      "ip": "11.22.33.44"
    }

The recent login is from a different IP address -12.23.237.116—which is why they are able to log in.

You can check the logs corresponding to the user under Dashboard > Monitoring > Logs:

user_id:"auth0|123456"

Topic		Replies	Views
User Can Still Log In After Brute Force Block Knowledge Articles	1	625	October 19, 2023
Account (Blocked Bruteforce) Help	1	1264	October 22, 2022
The User is Marked "BLOCKED(BRUTEFORCE)" although the User IP is in the Allowlist of the Brute Force Protection Knowledge Articles brute-force , allowlist , blocked-not-working , ip-protection	1	129	July 2, 2024
Account is Blocked Help	2	4506	September 13, 2021
Why does Brute Force Protection sometimes permit login when the account has been blocked? Knowledge Articles	1	1111	June 13, 2023

User with Blocked(Bruteforce) is Able to Login

Overview

Applies To

Cause

Solution

Related Topics